I'm new to iptables and have been trying for days to get it running the way I want, but so far no success.
I have a DHCP/FTP/etc server and I need:
1. The client machines to have internet access, including FTP.
2. The server to have internet access, including FTP.
3. Block everything else coming from the WAN.
I only want HTTP, HTTPS, DNS, and FTP to be allowed through the WAN; everything else must be blocked. Everything can be left wide open on the LAN; I don't care what gets passed around there.
Can anyone help out? I've been reading up on iptables for days and I still can't get it to work. I've tried all kinds of combinations of rules, and so far the only way I can get it to work is to set the policy to ACCEPT.
Here are the basic rules I have set for iptables:
Code:
export LAN=eth0
export WAN=eth1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN -j ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# OUTPUT rules must match on the outgoing interface (-o); -i is rejected in this chain
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $LAN -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
So far, I've just set the FORWARD policy to ACCEPT to get internet access for the clients.
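As an added example (not the poster's script), here is a stateful rule set that meets the three requirements without opening FORWARD wholesale: new connections are allowed only toward HTTP, HTTPS, DNS and FTP, replies and FTP data channels come back through conntrack, and everything unsolicited from the WAN drops. It assumes the same eth0/eth1 names, an iptables with the conntrack and multiport matches and the CT target, and it emits the rules as text so they can be inspected before being applied as root.

```shell
#!/bin/sh
# Added example, not the original poster's script. LAN on eth0, WAN on eth1
# (assumed, as in the post); set IPT to another binary for a dry run.
LAN=${LAN:-eth0}
WAN=${WAN:-eth1}
IPT=${IPT:-iptables}
TCP_PORTS=21,53,80,443   # ftp, dns-over-tcp, http, https
UDP_PORTS=53             # dns

fw_rules() {
  # Emit the rule set as shell commands; fw_apply runs them, anything
  # else (a review, a test) just reads the text.
  cat <<EOF
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
sysctl -q -w net.ipv4.ip_forward=1
$IPT -F
$IPT -t nat -F
$IPT -t raw -F
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP
# loopback and LAN are wide open, as the post asks
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A INPUT -i $LAN -j ACCEPT
$IPT -A OUTPUT -o $LAN -j ACCEPT
# replies and FTP data channels belong to tracked connections
$IPT -A INPUT -i $WAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o $WAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new connections: only the four services, from the server and from the LAN
$IPT -A OUTPUT -o $WAN -p tcp -m multiport --dports $TCP_PORTS -m conntrack --ctstate NEW -j ACCEPT
$IPT -A OUTPUT -o $WAN -p udp --dport $UDP_PORTS -j ACCEPT
$IPT -A FORWARD -i $LAN -o $WAN -p tcp -m multiport --dports $TCP_PORTS -m conntrack --ctstate NEW -j ACCEPT
$IPT -A FORWARD -i $LAN -o $WAN -p udp --dport $UDP_PORTS -j ACCEPT
# kernels 4.7+ do not attach the ftp helper automatically; bind it explicitly
$IPT -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
$IPT -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp
$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
EOF
}

fw_apply() { fw_rules | sh -e; }   # needs root

if [ "${1:-}" = apply ]; then fw_apply; fi
```

Run it with no argument to print the rules for review, or with `apply` as root to load them.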